Vue SPA 的 Laravel 电子邮件验证

Posted

技术标签:

【中文标题】Vue SPA 的 Laravel 电子邮件验证【英文标题】:Laravel Email Verification for Vue SPA 【发布时间】:2019-12-16 06:56:48 【问题描述】:

如何使用 Vue Router 在 Vue SPA 上实现 Laravel 的电子邮件验证?

到目前为止,我已尝试通过更改 VerificationController 的验证和重新发送方法来处理电子邮件验证。然后,我创建了一个新通知并添加了用于验证的 API 路由。

当生成验证链接并发送到用户的电子邮件时,验证 url 类似于:

https://foobar.test/email/verify/1?expires=1565276056&signature=b15ccd7d6198bdcf81eea4f5cb441efe8eb2d6d5b57a1ce0b1171e685613d917

当链接被点击时,它会打开一个页面,但它在后端什么也不做,因为@verify api 路由没有被命中。

有什么建议吗?

验证控制器.php

<?php

namespace App\Http\Controllers\Auth;

use App\User;
use Illuminate\Http\Request;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\VerifiesEmails;
use Illuminate\Validation\ValidationException;


class VerificationController extends Controller

    /*
    |--------------------------------------------------------------------------
    | Email Verification Controller
    |--------------------------------------------------------------------------
    |
    | This controller is responsible for handling email verification for any
    | user that recently registered with the application. Emails may also
    | be re-sent if the user didn't receive the original email message.
    |
    */

    use VerifiesEmails;

    /**
     * Where to redirect users after verification.
     *
     * @var string
     */
    protected $redirectTo = '/home';

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    
        $this->middleware('auth:api');
        $this->middleware('signed')->only('verify');
        $this->middleware('throttle:600,1')->only('verify', 'resend');
    

    /**
     * Show the email verification notice.
     *
     */
    public function show()
    
        //
    

    /**
     * Mark the authenticated user's email address as verified.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function verify(Request $request)
    
      $userID = $request[‘id’];
      $user = User::findOrFail($userID);
      $user->email_verified_at = date("Y-m-d g:i:s");
      $user->save();

      return response()->json('Email verified!');
    

    /**
     * Resend the email verification notification.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function resend(Request $request)
    
        if ($request->user()->hasVerifiedEmail()) 
            return response()->json('The email is already verified.', 422);
        

        $request->user()->sendEmailVerificationNotification();

        return response()->json('We have e-mailed your verification link!');
    



验证电子邮件.php

<?php

namespace App\Notifications;

use Illuminate\Notifications\Notification;


use Illuminate\Support\Facades\URL;
use Carbon\Carbon;


use Illuminate\Auth\Notifications\VerifyEmail as VerifyEmailBase;


class VerifyEmail extends VerifyEmailBase


    /**
     * Get the verification URL for the given notifiable.
     *
     * @param  mixed  $notifiable
     * @return string
     */
    protected function verificationUrl($notifiable)
    
      return URL::temporarySignedRoute(
      ‘verification.verify’, Carbon::now()->addMinutes(60), [‘id’ => $notifiable->getKey()]
      );

    

API.php

Route::get('email/verify/id', 'Auth\VerificationController@verify')->name('verification.verify');
Route::get('email/resend', 'Auth\VerificationController@resend')->name('verification.resend');

【问题讨论】:

您可能错过了将implements MustVerifyEmail 添加到那个。如果缺少此接口实现,邮件检查方法将不会做任何事情。你能发布或检查你的用户模型吗? 为什么你认为它没有被击中?它完全匹配。你的 API 路径上有前缀吗? 【参考方案1】:

这是我为解决问题所做的。转到 AuthServiceProvider

/**
   * Register any authentication / authorization services.
   *
   * @return void
   */
  public function boot()
  
    $this->registerPolicies();

    //

    VerifyEmail::createUrlUsing(function ($notifiable) 
      $params = [
        "expires" => Carbon::now()
          ->addMinutes(60)
          ->getTimestamp(),
        "id" => $notifiable->getKey(),
        "hash" => sha1($notifiable->getEmailForVerification()),
      ];

      ksort($params);

      // then create API url for verification. my API have `/api` prefix,
      // so i don't want to show that url to users
      $url = \URL::route("verification.verify", $params, true);

      // get APP_KEY from config and create signature
      $key = config("app.key");
      $signature = hash_hmac("sha256", $url, $key);

      // generate url for yous SPA page to send it to user
      return env("APP_FRONT") .
        "/auth/verify-email/" .
        $params["id"] .
        "/" .
        $params["hash"] .
        "?expires=" .
        $params["expires"] .
        "&signature=" .
        $signature;
    );
  

将此添加到 api.php

Route::get("/verify-email/id/hash", [
    VerifyEmailController::class,
    "__invoke",
  ])
    ->middleware(["auth:sanctum","signed", "throttle:6,1"])
    ->name("verification.verify");

将此添加到 VerifyEmailController.php

 /**
   * Mark the authenticated user's email address as verified.
   *
   * @param  \Illuminate\Foundation\Auth\EmailVerificationRequest  $request
   * @return \Illuminate\Http\RedirectResponse
   */
  public function __invoke(EmailVerificationRequest $request)
  
    if ($request->user()->hasVerifiedEmail()) 
      return response()->json(
        [
          "message" => "Your'r email already verified.",
        ],
        Response::HTTP_BAD_REQUEST
      );
    

    if ($request->user()->markEmailAsVerified()) 
      event(new Verified($request->user()));
    

    return response()->json(
      [
        "message" => "Verification complete thank you.",
      ],
      Response::HTTP_OK
    );
  

前端

async verfyEmail() 
      try 
        const params = new URLSearchParams(this.$route.query)
        let res = await this.$axios.get(
          'verify-email/' +
            this.$route.params.id +
            '/' +
            this.$route.params.hash,
           params 
        )
        this.$router.push( name: 'platform-dashboard' )
       catch (error) 
        console.log(error.response)
        this.$router.push( name: 'platform-dashboard' )
      
    

【讨论】:

【参考方案2】:

解决方案非常简单。 使用temporarySignedRoute需要指定路由,默认为verification.verify,过期时间和参数。

<?php

namespace App\Notifications;

use Illuminate\Notifications\Notification;


use Illuminate\Support\Facades\URL;
use Carbon\Carbon;


use Illuminate\Auth\Notifications\VerifyEmail as VerifyEmailBase;


class VerifyEmail extends VerifyEmailBase


    /**
     * Get the verification URL for the given notifiable.
     *
     * @param  mixed  $notifiable
     * @return string
     */
    protected function verificationUrl($notifiable)
    
      return URL::temporarySignedRoute(
          'verification.verify',
           now()->addMinutes(60),
           ['id' => $notifiable->id, 'hash' => sha1($notifiable->getEmailForVerification())]
    );

    

【讨论】:

这将创建注册用户收到的电子邮件中的 URL,但没有解释如何在 VueJS 前端处理它。正如我从上一个答案中了解到的那样,来自该 URL 的参数需要在控制器中处理,但由于示例使用 Angular,具体细节尚不清楚。【参考方案3】:

我的 Angular SPA 遇到了同样的问题。不确定您是否仍需要帮助,但希望我的回答能对某人有所帮助。

所以虽然 laravel UrlGenerator::signedRoute 不够灵活(你可以订阅这个idea。不是同一种情况,但与此相关)我们必须自己实现 url 签名。

在您的VerifyEmail 班级中:

    protected function verificationUrl($notifiable)
    
        // collect and sort url params
        $params = [
            'expires' => Carbon::now()
                ->addMinutes(Config::get('auth.verification.expire', 60))
                ->getTimestamp(),
            'id' => $notifiable->getKey(),
            'hash' => sha1($notifiable->getEmailForVerification()),
        ];
        ksort($params);

        // then create API url for verification. my API have `/api` prefix,
        // so i don't want to show that url to users 
        $url = URL::route(
            'api:auth:verify',
            $params,
            true
        );

        // get APP_KEY from config and create signature
        $key = config('app.key');
        $signature = hash_hmac('sha256', $url, $key);

        // generate url for yous SPA page to send it to user
        return url('verify-email') . '?' . http_build_query($params + compact('signature'), false);
    

之后,在您的 SPA 中,您应该获取 url 参数并调用 API 请求。我将指定 Angular 示例,但它应该很容易适应 Vue。

// on component load
ngOnInit() 

  // get query params from current route   
  this.route.queryParamMap.subscribe(params => 

    // generate API url. Make sure your query params come in the same order
    // as in signature generation. By default signature check middleware 
    // extracts `signature` param so `expires` is the only param that
    // is checked so order doesn't matter, but if you need another params -
    // it can turn into a problem 
    const url = this.router.createUrlTree(['api', 'auth', 'verify', data.id, data.hash],
      queryParams: expires: data.expires, signature: data.signature).toString();

    // make API request. if signature check fails - you will receive 403 error
    return this.http.get(url).subscribe();
  );

我看到的另一种更简单的方法是生成直接 API url 并将其发送给用户。验证后只需将浏览器重定向到您的 SPA。我只是不明白为什么它在你的情况下不起作用。也许您的网络服务器配置中有一些重写规则,因此您的实际域名与您的APP_URL 不匹配?或者也许你在另一个端口提供你的 API?

【讨论】:

以上是关于Vue SPA 的 Laravel 电子邮件验证的主要内容,如果未能解决你的问题,请参考以下文章

Laravel 将 Auth 传递给 vue SPA

使用内置的 Laravel 5.2 身份验证并加载 SPA,然后为所有其他路由加载 Dingo API

如果页面仅加载一次,如何在 SPA 中获取 Laravel cookie

如何同时使用 Laravel 认证和 vue-router

为啥 Laravel 附带 Vue? (SPA 与 MVC)

如何在 SPA 中处理角色/权限(Laravel+Vue)